Installing OpenVPN in OSMC

Aug 19, 2015

I was running Raspbmc on a Raspberry Pi, which I like to use once a year (but I’m
not gonna write about that part). What’s interesting about that device is that I
always have it on and it’s connected to my router, so it makes a great
candidate for installing a VPN server on it. And instead of getting another Pi to
run a VPN server and keep it up and running 24/7, it’s a good idea to just install
OpenVPN on it as well, since it’s built on top of Linux and that’s what I had. There
have been a lot of changes to the project, and it also changed its name to
OSMC. So I just decided to reformat,
get OSMC and install OpenVPN on it again. Since I didn’t provision that server
with Chef (it would be interesting to see someone run the Chef client on a Pi, though),
I had to do everything manually again. I decided to write about it in case others
would be interested in creating a similar setup. And since OSMC is built on
top of Debian, this guide mostly applies to any Debian-based setup.

Before anything else, let’s install the needed packages and switch to the root user,
since most of what we’ll do will require sudo permissions:

Here OpenVPN will listen on port 1194 over UDP; if you want it to listen on a
different port or use TCP, make sure to change this. redirect-gateway is to
forward internet traffic and to be able to access other boxes on the network.
The next line is to resolve DNS. I put my router gateway there so local hostnames
will also resolve. Your gateway may be different.

If for a specific client we don’t want to redirect internet traffic, we can add
this to the client config:

This will configure the firewall for forwarding, and we save the configuration to
the /etc/iptables.up.rules file. We need to restore those settings when the
interface starts after a reboot. Let’s create a script file for it,
/etc/network/if-pre-up.d/iptables:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

And make the script executable:

chmod +x /etc/network/if-pre-up.d/iptables

Now the VPN server is configured. We need to restart OpenVPN, or just reboot the
server to make sure that the firewall will still work.

Client setup

For Mac I like to use the Tunnelblick client, and for iOS the OpenVPN app.
This should be almost the same setup even if you prefer to use other clients.

Make sure to set SERVER DNS and CLIENT NAME. For Tunnelblick we can just
create a folder whose name ends with .tblk and put the config file, ca.crt, and our
client .crt and .key files in it. Securely transfer this folder to the client
and open it while you have Tunnelblick installed. Tunnelblick will create a
configuration for it.

For iOS, the setup is similar, but we’ll use an .ovpn file with the certs and key
embedded in it. Save the above config in an .ovpn file without the ca, cert and
key lines, name it your CLIENT NAME.ovpn and run the following lines:
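
One way to do the embedding described above, as an added example rather than the post's own commands: it appends the CA certificate, client certificate and client key to the base config as OpenVPN inline `<ca>`, `<cert>` and `<key>` blocks and creates the result readable by its owner only. The function names, file names and the `vpn.example.invalid` host are assumptions, and the demo input is constructed placeholder data.

```shell
#!/bin/sh
# Added example: merge a client config and its credentials into one .ovpn
# profile using OpenVPN's inline <ca>/<cert>/<key> blocks.
# Function names, file names and the demo host are assumptions.

# Print only the PEM block of a file. easy-rsa style .crt files carry a
# human-readable dump before the PEM that the profile does not need.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY OUT_OVPN
build_ovpn() {
    base=$1; ca=$2; crt=$3; key=$4; out=$5
    for f in "$base" "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    pem_only "$key" | grep -q 'PRIVATE KEY' ||
        { echo "no private key found in $key" >&2; return 1; }
    (
        umask 077    # the profile embeds the private key: create it 0600
        rm -f "$out" # an existing file would keep its old permissions
        {
            # Drop file-based ca/cert/key directives if they were left in.
            grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$base"
            echo '<ca>';   pem_only "$ca";  echo '</ca>'
            echo '<cert>'; pem_only "$crt"; echo '</cert>'
            echo '<key>';  pem_only "$key"; echo '</key>'
        } > "$out"
    )
}

# Demo on constructed placeholder files (not real certificates or keys).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' client 'dev tun' 'remote vpn.example.invalid 1194 udp' \
        'ca ca.crt' 'cert c.crt' 'key c.key' > "$d/base.conf"
    for n in ca.crt c.crt; do
        printf '%s\n' 'Certificate: text dump' '-----BEGIN CERTIFICATE-----' \
            'PLACEHOLDER' '-----END CERTIFICATE-----' > "$d/$n"
    done
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/c.key"
    build_ovpn "$d/base.conf" "$d/ca.crt" "$d/c.crt" "$d/c.key" \
        "$d/client.ovpn" && echo "$d/client.ovpn"
}

# Run "sh script.sh demo" to build a sample profile and print its path.
if [ "${1:-}" = demo ]; then demo; fi
```

The resulting file contains the client's private key, so transfer it to the device as carefully as the .tblk folder.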